
Administration Guide


Appendix D - FortiGuard Updates

For deployments that have Internet connections, FortiNDR relies on the Internet to get updates via the FortiGuard Distribution Network. When FortiNDR cannot reach the Internet, you have the following options:

Malware artificial neural network (ANN) updates: You can update the ANN manually. These updates (several GB in size) can be obtained from the support website (https://support.fortinet.com) with a registered support contract. The latest ANN version can be viewed at: https://www.fortiguard.com/services/fortindr

Other detection techniques:

The following table summarises whether each detection technique works online or offline (no Internet access). All of the detection techniques below can be updated via the FortiGuard Distribution Network (Internet).

| Detection Techniques | Requires Internet | Comments |
|---|---|---|
| Malware via ANN | No | Can be updated manually via GUI. |
| AV engine | Yes | Shipped by default. Will not update if there's no Internet. |
| Botnet detection | Yes | Has DB by default. Updates require the Internet. |
| Network Attacks / Application control | Yes | Has DB by default. Updates require the Internet. |
| Encrypted attacks (via JA3) | Yes | Has DB by default. Updates require the Internet. |
| Weak cipher/vulnerable protocol detection | Yes | Has DB by default. Updates require the Internet. |
| Device inventory | Yes | Lookup IOT services to determine device role/type/OS. |
| FortiGuard IOC | Yes | Cloud lookup to FortiGuard servers. Internet connection required. |
| ML Discovery | No | Local ML algorithm updates via firmware. |
| Geo DB | Yes | Has DB by default. Updates require the Internet. |
